Identity And Access Management - Rajiv Dewan

Manage Direct Role Members Through Membership Rules

Problem Summary: Managing the role membership of Direct Members through membership rules

Problem Description:

We have a role with a membership rule, but we have also assigned this role to a few users through the API. If we later change the existing membership rule, these direct users will not leave the role automatically based on the new membership rule. Someone has to remove these users from the role manually or programmatically whenever the membership rule changes.

Solution:

UPDATE USG
SET USG_PROV_MECHANISM = 'Rule-Based Role-Assignment', USG_RULE_BASED = 1, USG_PROV_BY = ROLE_KEY
WHERE UGP_KEY = ROLE_KEY AND USG_RULE_BASED IS NULL;

NOTE: ROLE_KEY is the key of the role/group.

After running this query, if you modify the membership rule then these users will leave the role automatically. There is no need to remove the role from Direct Members manually or programmatically. Oracle Identity Manager will take care of them.
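
The same update wrapped in a preview and a verification step, so the set of users whose access becomes rule-driven is recorded before anything is committed. This is an added example, not part of the original post; :role_key is a bind variable standing in for ROLE_KEY, and USR_KEY is assumed to be the user-key column of USG.

```sql
-- Added example. :role_key stands in for ROLE_KEY (the key of the role/group).
-- Assumption: USR_KEY is the user-key column of USG; it is not shown on the page.

-- 1. Preview: the direct members of the role that the update will convert.
--    Save this output; after the change, the membership rule alone decides
--    whether these users keep the role.
SELECT USR_KEY, USG_PROV_MECHANISM, USG_PROV_BY
FROM   USG
WHERE  UGP_KEY = :role_key
AND    USG_RULE_BASED IS NULL
ORDER  BY USR_KEY;

-- 2. Convert them, using exactly the same predicate as the preview.
--    The reported row count should equal the number of rows from step 1.
UPDATE USG
SET    USG_PROV_MECHANISM = 'Rule-Based Role-Assignment',
       USG_RULE_BASED     = 1,
       USG_PROV_BY        = :role_key
WHERE  UGP_KEY = :role_key
AND    USG_RULE_BASED IS NULL;

-- 3. Verify inside the same transaction: no direct rows should remain.
SELECT COUNT(*) AS REMAINING_DIRECT
FROM   USG
WHERE  UGP_KEY = :role_key
AND    USG_RULE_BASED IS NULL;

-- 4. Commit only if REMAINING_DIRECT is 0 and the counts from steps 1 and 2
--    match; otherwise issue ROLLBACK instead.
COMMIT;
```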